Posted 01/27/09 at 08:40:36 AM by Pulkit Chandna

Leading jobs portal Monster.com has warned its users against a fresh instance of private information theft, which happens to be the second such case in the past 18 months. The security breach has not only tarnished its security record further but also dealt a heavy blow to the trust that users have posited in it.

It issued the warning on its website, in what appears to be a less-frequented section, and opted against directly contacting the users. The company began its statement by downplaying the security breach: “as is the case with many companies that maintain large databases of information, Monster is the target of illegal attempts to access and extract information from its database.”

It claims to have taken the necessary “corrective steps” immediately after discovering the security breach. It has asked users to reset their passwords on their own, though they will eventually be forced to make the change. The company says that the exposed data includes user IDs and passwords, email addresses, names, phone numbers, and some basic demographic data. Resumes and sensitive data is said to be safe.

Monster.com has also advised users that they need to be more vigilant and watch out for specious emails claiming to be from the company.

Read More

Posted 08/06/08 at 09:55:14 AM by Pulkit Chandna

Symantec has issued yet another warning related to a vulnerability in MS Access that was acknowledged by Microsoft last month. Symantec has warned that Internet Explorer 6 is more vulnerable to this threat than subsequent versions. It had earlier unearthed an update to the diabolical Neosploit kit that has made it easier for even neophyte hackers to exploit the chink in the MS Access armor.

There is still no news of a patch to fix the Snapshot Viewer ActiveX control that comes bundled with MS Access. This ActiveX control is being exploited by cyber interlopers to wrest control of computers. Symantec has advised users to set three kill bits for the Snapshot Viewer ActiveX control to prevent it from being activated.

Read More

Posted 07/14/08 at 06:19:31 PM by Pulkit Chandna

Last week, Microsoft had warned that hackers were exploiting a flaw in the Snapshot Viewer ActiveX control which comes bundled with all versions of Microsoft Access save for MS Acess 2007. Now Symantec has uncovered an update to the malicious Neosploit Toolkit that will allow even fledgling hackers to exploit the abovementioned loophole in MS Access making attacks more rampant.

Attackers are exploiting the threat using specially designed websites that hideously download malicious code. Since the ActiveX control bears Microsoft's digital signature, those users who have rated MS to be a trustworthy software publisher in their IE settings might very quietly have their systems compromised

Microsoft hasn’t come up with a fix for this bug yet. Though Microsoft says that attacks are targeted and not widespread, you are advised to breeze through the terse list of suggested actions posted by Microsoft and mitigate the risk.

Read More